NeironHub privacy policy
NEIRONHUB INC, a Delaware corporation (“NeironHub,” “we,” “us”), respects your privacy. This Privacy Policy (the “Policy”) explains how we collect, use, disclose, and safeguard personal information when you use neironhub.ai or any related web application, API, or other services (the “Platform”). It is Schedule B to, and forms part of, the NeironHub Terms of Service (the “ToS”). Capitalized terms not defined here have the meanings given in the ToS.
Regulatory framework. Depending on where you are located, you may have rights under the EU General Data Protection Regulation (GDPR), the UK GDPR, Swiss data protection law, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Delaware Personal Data Privacy Act, other U.S. state privacy laws, and Canadian privacy laws including PIPEDA and BC PIPA. We follow applicable anti-spam laws, including CAN-SPAM and CASL, for electronic communications.
1. Information we collect
Account data. Name, email address, phone number, company name, job title, billing address, account credentials, and, for AI Experts, tax identification and verification status.
Profile data. For AI Experts: qualifications, skills, portfolio materials, and work history. For Clients: company information, industry, and project requirements. For AI Experts, identity and verification documents may be processed by Stripe or other verification providers; NeironHub may receive verification status, metadata, and compliance results, and stores verification documents directly only where necessary and disclosed.
Project data. Briefs, proposals, negotiations, acceptance criteria, milestones, Deliverables, AI Outputs, revisions, and related project records.
Payment data. Billing details and payout information processed through our payment processor (Stripe). Full payment card numbers and bank credentials are handled by Stripe and are not stored on NeironHub servers.
Communications data. Messages, notifications, support tickets, dispute submissions, feedback, and survey responses.
Uploaded files. Files, code, datasets, documents, and other materials uploaded to the Platform, together with associated upload metadata and audit records.
AI-assisted feature inputs. Text and data you submit to AI-assisted features such as brief generation, requirement analysis, matching, summarization, support chat, budget guidance, and technology suggestions.
Automatically collected data. IP address, device and browser information, pages viewed, access times, and similar usage data; and error, security, and audit logs (authentication events, access records, API calls, and security events) used to operate and secure the Platform.
Data from third parties. Identity verification, KYC, and fraud-prevention results from Stripe and any other verification provider we use, and basic profile information if you choose to sign in with a supported third-party login (for example, Google or GitHub).
Sensitive and regulated data. We do not intentionally collect special-category or highly sensitive regulated data unless expressly permitted under the Acceptable Use & AI Policy, approved by NeironHub in writing, or governed by an applicable Enterprise Agreement. Users must not submit such data unless they have the legal right to do so and the submission is permitted under the applicable Platform terms.
2. How we use personal information
- Operate the Platform; create and authenticate Accounts; facilitate Projects, milestones, and communications;
- Process payments, payouts, refunds, chargebacks, and the protected milestone payment workflow through Stripe;
- Provide AI-assisted features and customer support;
- Verify AI Experts, prevent fraud and abuse, enforce the ToS and Acceptable Use & AI Policy, and maintain Platform security;
- Improve and develop the Platform using product analytics and aggregated insights;
- Send transactional communications, and marketing communications where permitted (with opt-out);
- Comply with legal, tax, accounting, and regulatory obligations, and respond to disputes and legal process.
Legal bases (GDPR/UK GDPR). Where applicable, we process personal information to perform our contract with you, for legitimate interests (such as security, fraud prevention, and Platform improvement) balanced against your rights, to comply with legal obligations, and with your consent (for example, for certain marketing or analytics). You may withdraw consent at any time.
3. Analytics, monitoring, and error logging
Tools we use. We use Google Analytics on our public marketing pages only; PostHog for product event analytics within the authenticated product; and Sentry for error monitoring. Google Analytics is not loaded on authenticated product routes.
Content exclusions. Analytics, product-monitoring, session-replay, and error-logging tools must not receive confidential project content. We exclude from these tools: brief text; proposal text; statement-of-work or other legal text; chat messages; uploaded file contents; uploaded file names; payment card data; sensitive or regulated personal data; and names, email addresses, phone numbers, and company names, unless expressly approved and necessary for a specific, disclosed purpose.
PostHog configuration. PostHog is configured to capture product events without payment data and without the excluded content above. Session replay is disabled for the current product release; if session replay is enabled in the future, sensitive fields will be masked or disabled and this Policy will be updated.
Sentry configuration. Sentry is configured to scrub request bodies, credentials, and form values so that confidential project content and sensitive personal data are not captured in error reports.
Cookies. We use strictly necessary cookies for authentication, security, and session management, and limited functional and analytics cookies. Where required by law, we load non-essential analytics cookies and similar technologies only after consent, and Users may withdraw consent or adjust cookie preferences through available Platform or browser controls. You can manage cookies through Platform settings and your browser.
4. How we share personal information
Service providers (subprocessors). We share personal information with vendors that process it on our behalf under contractual confidentiality and data-protection obligations, only as needed to provide their services:
- Payments. Stripe and Stripe Connect (payment processing, KYC, payouts).
- Hosting and infrastructure. Vercel (application hosting); Supabase (PostgreSQL database); and Amazon Web Services (S3 file storage and malware scanning).
- Analytics and monitoring. Google Analytics (marketing pages only); PostHog (product analytics); Sentry (error monitoring), each configured as described in Section 3.
- Email and notifications. Resend (transactional email and notifications).
- AI providers. OpenAI and other AI model providers used for AI-assisted features, that may be added, changed, limited, or discontinued from time to time. We configure our AI providers, where available, not to use User data submitted through the Platform to train their foundation models, unless explicitly authorized in writing for a specific disclosed purpose.
- Scheduling. Calendly (AI Expert verification calls and NeironConsult session scheduling).
- Verification. Stripe performs identity verification and KYC during AI Expert payment onboarding; any additional verification provider we use will be disclosed.
Our current subprocessor list may be updated from time to time. Users may request the then-current list where required by applicable law, and Enterprise Clients may receive additional subprocessor disclosures, notices, or commitments under an applicable Enterprise Agreement.
Other Users within Projects. Limited profile information and the Project record (briefs, communications, Deliverables, and related materials) are shared between the Client and the assigned AI Expert(s) for an active Project. Public AI Expert profile information may be visible to prospective Clients.
Legal and safety. We may disclose personal information to comply with law, court orders, or government requests; to enforce our Policies; to prevent fraud or security incidents; to protect rights, property, and safety; and to report suspected child exploitation to NCMEC and law enforcement as required.
Corporate transactions. Personal information may be transferred in connection with a merger, acquisition, financing, or sale of assets, subject to notice where required.
Aggregated and de-identified data. We may create and use aggregated, de-identified, or anonymized data that does not identify you for any lawful business purpose.
No sale of personal information. NeironHub does not sell personal information and does not “share” it for cross-context behavioral advertising as defined under the CPRA.
5. International transfers
NeironHub is based in the United States and uses vendors located in the United States and other countries. Certain vendors process data in the United States; for example, PostHog product-analytics data is processed through a U.S. ingest endpoint. Where we transfer personal information internationally, we rely on appropriate safeguards, such as adequacy decisions or Standard Contractual Clauses (or the UK IDTA), and, where required, your consent. Enterprise Clients may request specific data-residency arrangements under an Enterprise Agreement. EEA and UK residents may request information about our transfer safeguards by contacting legal@neironhub.ai.
6. Data retention
General. We retain personal information for as long as your Account is active and as needed to provide the Platform, comply with legal obligations, resolve disputes, and enforce agreements.
Specific periods. Project, payment, dispute, audit, security, and legal or compliance records may be retained for longer periods as required for legal, tax, accounting, fraud-prevention, security, dispute-resolution, or regulatory purposes. After Account closure, we generally retain account and workspace data for sixty (60) days before deletion or irreversible anonymization from active systems, unless longer retention is required for legal, tax, accounting, fraud-prevention, security, dispute-resolution, regulatory, backup, or Enterprise Agreement purposes.
7. Your rights
Depending on your location, you may have rights to access, correct, delete, port, restrict, or object to the processing of your personal information, to withdraw consent, and to lodge a complaint with a supervisory authority. California residents have rights under the CCPA/CPRA, including the rights to know, delete, correct, and opt out of “sharing” for cross-context behavioral advertising, and the right not to be discriminated against for exercising these rights. To exercise your rights, contact legal@neironhub.ai. We will verify your request and respond within the timeframes required by applicable law. To protect your information, we may take reasonable steps to verify your identity before fulfilling a request, and we may require proof of authority where an authorized agent submits a request on your behalf. You may also request export of your data before Account closure.
8. Security
We implement technical and organizational measures designed to protect personal information, including access controls, encryption in transit and at rest where appropriate, activity logging, secure infrastructure practices, and monitoring for security events. Files are validated on the server and stored privately, with access provided through short-lived signed links rather than public URLs, and uploaded files may be validated and scanned for malware or unsafe content. If we determine that a security incident triggers a legal notification obligation, we will notify affected Users and regulators as required by applicable law. No security measure is perfect; you are responsible for safeguarding your credentials and configuring appropriate access controls within your Account.
9. Children’s privacy
The Platform is a business-to-business service not directed to children. We do not knowingly collect personal information from children under 16 (or under 13 in the United States). If we learn we have collected such information without required parental consent, we will delete it. Contact legal@neironhub.ai with any concern.
10. Changes and contact
We may update this Policy from time to time and will post the revised Policy with an updated effective date. We will provide at least thirty (30) days’ notice of material changes by email, in-app notice, or a banner on the Platform. Continued use after the effective date constitutes acceptance. For privacy questions or to exercise your rights, contact:
NeironHub Inc.
2101 5th Avenue, 4S
New York, NY 10027
USA
Attn: Legal Department
Email: legal@neironhub.ai